Kesler, in his prior role as a security chief at a healthcare organization, had to make such a trade-off when he implemented multifactor authentication. He says his executive colleagues knew the value of MFA but also had concerns about the extra time it would add to accessing applications.
“We recognized that we had to be smart about how and when we required people to use that second factor,” Kesler explains. “We decided it couldn’t be every time they accessed a computer, because we had doctors and nurses moving between devices and patients frequently throughout the day and we couldn’t ask them to reauthenticate every five minutes. It would be a significant impact on workflows where minutes and seconds matter.”
So security and business together decided to require MFA for onsite users for the first access of the day only, “so they weren’t constantly nagged through the day to do that second factor,” Kesler says.
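As an added illustration, not code from the article or from Kesler's organization, the policy he describes can be expressed as a small step-up rule: onsite users are asked for the second factor on their first access of the calendar day only, remote users every time. The onsite address range, user names and timestamps below are constructed assumptions; keying the state on the user rather than the device is what lets staff move between workstations without a new prompt.

```python
from datetime import datetime
import ipaddress

# Assumed, constructed for this example: address ranges that count as "onsite".
ONSITE_NETWORKS = [ipaddress.ip_network("10.20.0.0/16")]


def is_onsite(client_ip: str) -> bool:
    """Classify a login as onsite by its source network (an assumption;
    a real deployment might use device certificates or network access control)."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in ONSITE_NETWORKS)


class DailyStepUpPolicy:
    """Second factor once per calendar day for onsite users, every time for remote users."""

    def __init__(self):
        # Keyed on the user, not the device: a clinician moving between
        # workstations during the day is not prompted again.
        self._last_mfa = {}

    def requires_second_factor(self, user: str, client_ip: str, now: datetime) -> bool:
        if not is_onsite(client_ip):
            return True  # remote access keeps the full prompt on every login
        last = self._last_mfa.get(user)
        # A new calendar day resets the requirement (first access of the day).
        return last is None or last.date() != now.date()

    def record_second_factor(self, user: str, now: datetime) -> None:
        self._last_mfa[user] = now


def simulate_shift():
    """Replay a constructed day of logins and return the prompt decisions."""
    policy = DailyStepUpPolicy()
    logins = [
        ("dr_lee", "10.20.5.10", datetime(2024, 3, 4, 7, 0)),    # first login, onsite
        ("dr_lee", "10.20.7.3", datetime(2024, 3, 4, 7, 5)),     # different device, onsite
        ("dr_lee", "10.20.9.40", datetime(2024, 3, 4, 14, 30)),  # later that day, onsite
        ("dr_lee", "203.0.113.8", datetime(2024, 3, 4, 14, 45)), # remote access
        ("dr_lee", "10.20.5.10", datetime(2024, 3, 5, 7, 0)),    # next day, onsite
    ]
    decisions = []
    for user, ip, when in logins:
        prompt = policy.requires_second_factor(user, ip, when)
        if prompt:
            policy.record_second_factor(user, when)
        decisions.append(prompt)
    return decisions  # [True, False, False, True, True]


if __name__ == "__main__":
    print(simulate_shift())
```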
8. Staying on the job in the face of big (and frequent) trade-offs
Perhaps one of the toughest trade-offs CISOs may make is to stay on the job even when they’ve made a lot more trade-offs than they’d like, Allen says.